Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package iwd for openSUSE:Factory checked in at 2025-06-10 09:05:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/iwd (Old) and /work/SRC/openSUSE:Factory/.iwd.new.19631 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "iwd" Tue Jun 10 09:05:21 2025 rev:56 rq:1283888 version:3.8 Changes: -------- --- /work/SRC/openSUSE:Factory/iwd/iwd.changes 2025-04-07 18:41:34.507936873 +0200 +++ /work/SRC/openSUSE:Factory/.iwd.new.19631/iwd.changes 2025-06-10 09:08:51.208284885 +0200 @@ -1,0 +2,17 @@ +Fri Jun 6 17:55:19 UTC 2025 - Luigi Baldoni <aloi...@gmx.com> + +- Add iwd-dbus_policy.patch to address rpmlint complaints. + +------------------------------------------------------------------- +Thu Jun 5 08:25:33 UTC 2025 - Luigi Baldoni <aloi...@gmx.com> + +- Update to version 3.8 + * Fix issue with handling unit tests and missing kernel + features. + version 3.7: + * Fix issue with handling length of EncryptedSecurity. + * Fix issue with handling empty affinities lists. + * Fix issue with handling survey scanning results. + * Fix issue with handling duplicate values in DPP URI. + +------------------------------------------------------------------- Old: ---- iwd-3.6.tar.sign iwd-3.6.tar.xz New: ---- iwd-3.8.tar.sign iwd-3.8.tar.xz iwd-dbus_policy.patch BETA DEBUG BEGIN: New: - Add iwd-dbus_policy.patch to address rpmlint complaints. BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ iwd.spec ++++++ --- /var/tmp/diff_new_pack.2dYu0q/_old 2025-06-10 09:08:51.896313326 +0200 +++ /var/tmp/diff_new_pack.2dYu0q/_new 2025-06-10 09:08:51.896313326 +0200 @@ -17,13 +17,15 @@ Name: iwd -Version: 3.6 +Version: 3.8 Release: 0 Summary: Wireless daemon for Linux License: LGPL-2.1-or-later URL: https://git.kernel.org/pub/scm/network/wireless/iwd.git Source: https://kernel.org/pub/linux/network/wireless/%{name}-%{version}.tar.xz Source1: https://kernel.org/pub/linux/network/wireless/%{name}-%{version}.tar.sign +# PATCH-FIX-OPENSUSe iwd-dbus_policy.patch +Patch0: iwd-dbus_policy.patch # https://kernel.org/doc/wot/holtmann.html Source2: %{name}.keyring # needed for the tests to generate certificates @@ -31,7 +33,7 @@ BuildRequires: pkg-config BuildRequires: systemd-rpm-macros BuildRequires: pkgconfig(dbus-1) -BuildRequires: pkgconfig(ell) >= 0.72 +BuildRequires: pkgconfig(ell) >= 0.77 BuildRequires: pkgconfig(readline) BuildRequires: pkgconfig(systemd) %{?systemd_ordering} ++++++ iwd-3.6.tar.xz -> iwd-3.8.tar.xz ++++++ ++++ 1676 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iwd-3.6/ChangeLog new/iwd-3.8/ChangeLog --- old/iwd-3.6/ChangeLog 2025-04-02 15:06:29.000000000 +0200 +++ new/iwd-3.8/ChangeLog 2025-05-07 13:59:43.000000000 +0200 @@ -1,3 +1,12 @@ +ver 3.8: + Fix issue with handling unit tests and missing kernel features. + +ver 3.7: + Fix issue with handling length of EncryptedSecurity. + Fix issue with handling empty affinities lists. + Fix issue with handling survey scanning results. + Fix issue with handling duplicate values in DPP URI. + ver 3.6: Fix issue with handling blacklisting and roaming requests. Fix issue with handling CQM thresholds for FullMAC devices. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iwd-3.6/Makefile.am new/iwd-3.8/Makefile.am --- old/iwd-3.6/Makefile.am 2025-02-11 00:17:14.000000000 +0100 +++ new/iwd-3.8/Makefile.am 2025-05-04 19:35:55.000000000 +0200 @@ -441,7 +441,7 @@ unit/test-arc4 unit/test-wsc unit/test-eap-mschapv2 \ unit/test-eap-sim unit/test-sae unit/test-p2p unit/test-band \ unit/test-dpp unit/test-json unit/test-nl80211util \ - unit/test-pmksa + unit/test-pmksa unit/test-storage endif if CLIENT @@ -605,6 +605,11 @@ unit_test_pmksa_SOURCES = unit/test-pmksa.c src/pmksa.c src/pmksa.h \ src/module.h src/util.h unit_test_pmksa_LDADD = $(ell_ldadd) + +unit_test_storage_SOURCES = unit/test-storage.c src/storage.c src/storage.h \ + src/crypto.c src/crypto.h \ + src/common.c src/common.h +unit_test_storage_LDADD = $(ell_ldadd) endif if CLIENT diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iwd-3.6/configure.ac new/iwd-3.8/configure.ac --- old/iwd-3.6/configure.ac 2025-04-02 15:06:29.000000000 +0200 +++ new/iwd-3.8/configure.ac 2025-05-07 13:59:43.000000000 +0200 @@ -1,5 +1,5 @@ AC_PREREQ([2.69]) -AC_INIT([iwd],[3.6]) +AC_INIT([iwd],[3.8]) AC_CONFIG_HEADERS(config.h) AC_CONFIG_AUX_DIR(build-aux) @@ -300,7 +300,7 @@ test "${enable_monitor}" != "no" || test "${enable_wired}" = "yes" || test "${enable_hwsim}" = "yes"); then - ell_min_version="0.72" + ell_min_version="0.77" else ell_min_version="0.5" fi diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iwd-3.6/ell/ecc.c new/iwd-3.8/ell/ecc.c --- old/iwd-3.6/ell/ecc.c 2025-03-26 10:29:30.000000000 +0100 +++ new/iwd-3.8/ell/ecc.c 2025-04-02 20:33:28.000000000 +0200 @@ -1052,6 +1052,18 @@ return _ecc_constant_new(curve, r, curve->ndigits * 8); } + /* + * In the really unlikely case that ECC_RANDOM_MAX_ITERATIONS + * number of times the random data is not a valid scalar, + * then just abort. If this happens something is really + * wrong with the random source and there is no point to + * continue operation. + */ + + fprintf(stderr, "%s:%s(): failed to allocate valid scalar\n", + STRLOC, __func__); + abort(); + return NULL; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iwd-3.6/ell/ecdh.c new/iwd-3.8/ell/ecdh.c --- old/iwd-3.6/ell/ecdh.c 2025-03-26 10:29:30.000000000 +0100 +++ new/iwd-3.8/ell/ecdh.c 2025-04-02 20:33:28.000000000 +0200 @@ -50,9 +50,8 @@ *out_public = l_ecc_point_new(curve); while (!compliant && iter++ < ECDH_MAX_ITERATIONS) { + /* aborts if no valid private key can be generated */ *out_private = l_ecc_scalar_new_random(curve); - if (!*out_private) - continue; _ecc_point_mult(*out_public, &curve->g, (*out_private)->c, NULL, curve->p); @@ -88,9 +87,8 @@ if (unlikely(!private_key || !other_public || !secret)) return false; + /* aborts if no valid scalar can be generated */ z = l_ecc_scalar_new_random(curve); - if (!z) - return false; product = l_ecc_point_new(curve); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iwd-3.6/ell/private.h new/iwd-3.8/ell/private.h --- old/iwd-3.6/ell/private.h 2023-09-27 11:03:04.000000000 +0200 +++ new/iwd-3.8/ell/private.h 2025-04-02 20:33:28.000000000 +0200 @@ -8,3 +8,5 @@ #include <ell/util.h> #define LIB_EXPORT __attribute__ ((visibility("default"))) + +#define STRLOC __FILE__ ":" L_STRINGIFY(__LINE__) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iwd-3.6/ell/test.c new/iwd-3.8/ell/test.c --- old/iwd-3.6/ell/test.c 2025-02-12 23:42:15.000000000 +0100 +++ new/iwd-3.8/ell/test.c 2025-05-07 12:33:02.000000000 +0200 @@ -55,6 +55,7 @@ const char *name; const void *data; l_test_func_t function; + l_test_precheck_t precheck; unsigned long flags; unsigned int num; struct test *next; @@ -260,7 +261,7 @@ if (!run_all && (test->flags & L_TEST_FLAG_EXPENSIVE_COMPUTATION)) { /* * Abort test cases with long running computation task - * to fail and with the be gracefully skipped + * to fail and with that be gracefully skipped */ abort(); return; @@ -314,15 +315,39 @@ static void run_next_test(void *user_data) { + struct test *test = test_head; pid_t pid; - if (!test_head) { + if (!test) { testing_active = false; return; } if (!tap_enable) - printf("TEST: %s\n", test_head->name); + printf("TEST: %s\n", test->name); + + if (test->precheck) { + bool result = test->precheck(test->data); + + if (test->flags & L_TEST_FLAG_INVERT_PRECHECK_RESULT) + result = !result; + + if (!result) { + if (tap_enable) + printf("ok %u - %s # SKIP not-supported\n", + test->num, test->name); + + test_head = test->next; + free(test); + + if (!test_head) + test_tail = NULL; + + /* Trigger the main pollfd loop */ + kill(getpid(), SIGUSR1); + return; + } + } pid = fork(); if (pid < 0) { @@ -341,9 +366,9 @@ /* Close stdout to not interfere with TAP */ close(STDOUT_FILENO); - test_setup(test_head); - test_function(test_head); - test_teardown(test_head); + test_setup(test); + test_function(test); + test_teardown(test); exit(EXIT_SUCCESS); } @@ -439,6 +464,7 @@ sigaddset(&sig_mask, SIGINT); sigaddset(&sig_mask, SIGTERM); sigaddset(&sig_mask, SIGCHLD); + sigaddset(&sig_mask, SIGUSR1); /* * Block signals so that they aren't handled according to their @@ -489,6 +515,9 @@ case SIGCHLD: sigchld_handler(NULL); break; + case SIGUSR1: + run_next_test(NULL); + break; } } @@ -499,32 +528,10 @@ return exit_status; } -/** - * l_test_add_data_func: - * @name: test name - * @function: test function - * @flags: test flags; - * - * Add new test. - **/ -LIB_EXPORT void l_test_add_func(const char *name, l_test_func_t function, - unsigned long flags) -{ - l_test_add_data_func(name, NULL, function, flags); -} - -/** - * l_test_add_data_func: - * @name: test name - * @function: test function - * @data: test data - * @flags: test flags; - * - * Add new test. - **/ -LIB_EXPORT void l_test_add_data_func(const char *name, const void *data, - l_test_func_t function, - unsigned long flags) +static void common_add(const char *name, const void *data, + l_test_func_t function, + l_test_precheck_t precheck, + unsigned long flags) { struct test *test; @@ -539,6 +546,7 @@ test->name = name; test->data = data; test->function = function; + test->precheck = precheck; test->flags = flags; test->num = ++test_count; test->next = NULL; @@ -553,6 +561,73 @@ } /** + * l_test_add_func_precheck: + * @name: test name + * @data: test data + * @function: test function + * @precheck: precheck function + * @flags: test flags; + * + * Add new test. + **/ +LIB_EXPORT void l_test_add_func_precheck(const char *name, + l_test_func_t function, + l_test_precheck_t precheck, + unsigned long flags) +{ + common_add(name, NULL, function, precheck, flags); +} + +/** + * l_test_add_data_func_precheck: + * @name: test name + * @data: test data + * @function: test function + * @precheck: precheck function + * @flags: test flags; + * + * Add new test. + **/ +LIB_EXPORT void l_test_add_data_func_precheck(const char *name, + const void *data, + l_test_func_t function, + l_test_precheck_t precheck, + unsigned long flags) +{ + common_add(name, data, function, precheck, flags); +} + +/** + * l_test_add_data_func: + * @name: test name + * @function: test function + * @flags: test flags; + * + * Add new test. + **/ +LIB_EXPORT void l_test_add_func(const char *name, l_test_func_t function, + unsigned long flags) +{ + common_add(name, NULL, function, NULL, flags); +} + +/** + * l_test_add_data_func: + * @name: test name + * @data: test data + * @function: test function + * @flags: test flags; + * + * Add new test. + **/ +LIB_EXPORT void l_test_add_data_func(const char *name, const void *data, + l_test_func_t function, + unsigned long flags) +{ + common_add(name, data, function, NULL, flags); +} + +/** * l_test_add: * @name: test name * @function: test function @@ -563,7 +638,7 @@ LIB_EXPORT void l_test_add(const char *name, l_test_func_t function, const void *data) { - l_test_add_data_func(name, data, function, default_flags); + common_add(name, data, function, NULL, default_flags); } /** diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iwd-3.6/ell/test.h new/iwd-3.8/ell/test.h --- old/iwd-3.6/ell/test.h 2025-02-12 23:42:15.000000000 +0100 +++ new/iwd-3.8/ell/test.h 2025-05-07 12:33:02.000000000 +0200 @@ -8,6 +8,8 @@ #ifndef __ELL_TEST_H #define __ELL_TEST_H +#include <stdbool.h> + #ifdef __cplusplus extern "C" { #endif @@ -16,13 +18,23 @@ int l_test_run(void); typedef void (*l_test_func_t) (const void *data); +typedef bool (*l_test_precheck_t) (const void *data); #define L_TEST_FLAG_FAILURE_EXPECTED (1 << 1) #define L_TEST_FLAG_ALLOW_FAILURE (1 << 2) #define L_TEST_FLAG_LITTLE_ENDIAN_ONLY (1 << 3) #define L_TEST_FLAG_EXPENSIVE_COMPUTATION (1 << 4) -#define L_TEST_FLAG_REQUIRE_DBUS_SYSTEM_BUS (1 << 5) -#define L_TEST_FLAG_REQUIRE_DBUS_SESSION_BUS (1 << 6) +#define L_TEST_FLAG_INVERT_PRECHECK_RESULT (1 << 5) +#define L_TEST_FLAG_REQUIRE_DBUS_SYSTEM_BUS (1 << 8) +#define L_TEST_FLAG_REQUIRE_DBUS_SESSION_BUS (1 << 9) + +void l_test_add_func_precheck(const char *name, l_test_func_t function, + l_test_precheck_t precheck, + unsigned long flags); +void l_test_add_data_func_precheck(const char *name, const void *data, + l_test_func_t function, + l_test_precheck_t precheck, + unsigned long flags); void l_test_add_func(const char *name, l_test_func_t function, unsigned long flags); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iwd-3.6/ell/util.c new/iwd-3.8/ell/util.c --- old/iwd-3.6/ell/util.c 2025-03-26 10:29:30.000000000 +0100 +++ new/iwd-3.8/ell/util.c 2025-04-02 20:33:28.000000000 +0200 @@ -29,8 +29,6 @@ * Utility functions */ -#define STRLOC __FILE__ ":" L_STRINGIFY(__LINE__) - /** * l_malloc: * @size: memory size to allocate diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iwd-3.6/monitor/nlmon.c new/iwd-3.8/monitor/nlmon.c --- old/iwd-3.6/monitor/nlmon.c 2024-12-20 08:55:09.000000000 +0100 +++ new/iwd-3.8/monitor/nlmon.c 2025-05-04 19:35:55.000000000 +0200 @@ -1915,7 +1915,7 @@ size--; ptr++; - if (!size) + if (size < 2) return; /* @@ -7433,7 +7433,7 @@ pcap_close(nlmon->pcap); - /* Exausted the single PCAP file */ + /* Exhausted the single PCAP file */ if (nlmon->max_files < 2) { printf("Reached maximum size of PCAP, exiting\n"); nlmon->pcap = NULL; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iwd-3.6/src/dpp-util.c new/iwd-3.8/src/dpp-util.c --- old/iwd-3.6/src/dpp-util.c 2023-12-27 13:34:15.000000000 +0100 +++ new/iwd-3.8/src/dpp-util.c 2025-05-04 19:35:55.000000000 +0200 @@ -1166,21 +1166,34 @@ switch (*pos) { case 'C': + if (L_WARN_ON(info->freqs)) + goto free_info; + info->freqs = dpp_parse_class_and_channel(pos + 2, len); if (!info->freqs) goto free_info; break; case 'M': + if (L_WARN_ON(!l_memeqzero(info->mac, + sizeof(info->mac)))) + goto free_info; + ret = dpp_parse_mac(pos + 2, len, info->mac); if (ret < 0) goto free_info; break; case 'V': + if (L_WARN_ON(info->version != 0)) + goto free_info; + ret = dpp_parse_version(pos + 2, len, &info->version); if (ret < 0) goto free_info; break; case 'K': + if (L_WARN_ON(info->boot_public)) + goto free_info; + info->boot_public = dpp_parse_key(pos + 2, len); if (!info->boot_public) goto free_info; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iwd-3.6/src/eap-mschapv2.c new/iwd-3.8/src/eap-mschapv2.c --- old/iwd-3.6/src/eap-mschapv2.c 2024-03-29 00:27:27.000000000 +0100 +++ new/iwd-3.8/src/eap-mschapv2.c 2025-05-04 19:35:55.000000000 +0200 @@ -544,7 +544,8 @@ return true; error: - free(state); + l_free(state->user); + l_free(state); return false; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iwd-3.6/src/eap.c new/iwd-3.8/src/eap.c --- old/iwd-3.6/src/eap.c 2024-11-07 19:38:10.000000000 +0100 +++ new/iwd-3.8/src/eap.c 2025-05-04 19:35:55.000000000 +0200 @@ -425,8 +425,8 @@ size_t len) { enum eap_type type; - uint32_t vendor_id; - uint32_t vendor_type; + uint32_t vendor_id = 0; + uint32_t vendor_type = 0; enum eap_type our_type = eap->method->request_type; uint32_t our_vendor_id = (eap->method->vendor_id[0] << 16) | (eap->method->vendor_id[1] << 8) | diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iwd-3.6/src/scan.c new/iwd-3.8/src/scan.c --- old/iwd-3.6/src/scan.c 2024-11-25 19:05:53.000000000 +0100 +++ new/iwd-3.8/src/scan.c 2025-05-04 19:35:55.000000000 +0200 @@ -143,9 +143,9 @@ }; struct scan_survey_results { - struct scan_survey survey_2_4[14]; - struct scan_survey survey_5[196]; - struct scan_survey survey_6[233]; + struct scan_survey survey_2_4[15]; + struct scan_survey survey_5[197]; + struct scan_survey survey_6[234]; }; struct scan_results { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iwd-3.6/src/station.c new/iwd-3.8/src/station.c --- old/iwd-3.6/src/station.c 2025-04-02 15:06:29.000000000 +0200 +++ new/iwd-3.8/src/station.c 2025-05-04 19:35:55.000000000 +0200 @@ -4815,7 +4815,7 @@ struct l_dbus_message_iter array; const char *sender = l_dbus_message_get_sender(message); char *old_path = l_queue_peek_head(station->affinities); - const char *new_path = NULL; + const char *new_path; struct scan_bss *new_bss = NULL; struct scan_bss *old_bss = NULL; bool lower_threshold = false; @@ -4835,10 +4835,15 @@ if (!l_dbus_message_iter_get_variant(new_value, "ao", &array)) return dbus_error_invalid_args(message); - /* Get first entry, there should be only one */ - l_dbus_message_iter_next_entry(&array, &new_path); - - if (l_dbus_message_iter_next_entry(&array, &new_path)) + /* Get first entry, or if an empty array set the path to NULL */ + if (!l_dbus_message_iter_next_entry(&array, &new_path)) + new_path = NULL; + + /* + * Only allowing single values for now. If there is more than a single + * value, fail + */ + if (new_path && l_dbus_message_iter_next_entry(&array, &new_path)) return dbus_error_invalid_args(message); old_path = l_queue_peek_head(station->affinities); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iwd-3.6/src/storage.c new/iwd-3.8/src/storage.c --- old/iwd-3.6/src/storage.c 2024-11-07 19:38:10.000000000 +0100 +++ new/iwd-3.8/src/storage.c 2025-05-04 19:35:55.000000000 +0200 @@ -501,6 +501,13 @@ } /* + * It should likely be far larger than this, but that will get caught + * later when reloading the decrypted data. + */ + if (elen < 16) + return -EBADMSG; + + /* * AES-SIV automatically verifies the IV (16 bytes) and returns only * the decrypted data portion. We add one here for the NULL terminator * since this is always going to be textual data after decryption. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iwd-3.6/unit/test-cmac-aes.c new/iwd-3.8/unit/test-cmac-aes.c --- old/iwd-3.6/unit/test-cmac-aes.c 2024-11-07 19:38:10.000000000 +0100 +++ new/iwd-3.8/unit/test-cmac-aes.c 2025-05-07 13:59:43.000000000 +0200 @@ -138,20 +138,22 @@ .tag_len = sizeof(tag_4), }; +static bool test_precheck(const void *data) +{ + return l_checksum_cmac_aes_supported(); +} + +#define add_test(name, func, data) l_test_add_data_func_precheck(name, data, \ + func, test_precheck, 0) + int main(int argc, char *argv[]) { l_test_init(&argc, &argv); - if (!l_checksum_cmac_aes_supported()) { - printf("AES-CMAC support missing, skipping...\n"); - goto done; - } - - l_test_add("/cmac-aes/Example 1", cmac_test, &example_1); - l_test_add("/cmac-aes/Example 2", cmac_test, &example_2); - l_test_add("/cmac-aes/Example 3", cmac_test, &example_3); - l_test_add("/cmac-aes/Example 4", cmac_test, &example_4); + add_test("/cmac-aes/Example 1", cmac_test, &example_1); + add_test("/cmac-aes/Example 2", cmac_test, &example_2); + add_test("/cmac-aes/Example 3", cmac_test, &example_3); + add_test("/cmac-aes/Example 4", cmac_test, &example_4); -done: return l_test_run(); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iwd-3.6/unit/test-crypto.c new/iwd-3.8/unit/test-crypto.c --- old/iwd-3.6/unit/test-crypto.c 2019-10-30 11:50:34.000000000 +0100 +++ new/iwd-3.8/unit/test-crypto.c 2025-05-07 13:59:43.000000000 +0200 @@ -403,40 +403,32 @@ assert(memcmp(decrypted, plaintext, sizeof(decrypted)) == 0); } +static bool test_precheck(const void *data) +{ + return (l_cipher_is_supported(L_CIPHER_AES) && + l_checksum_is_supported(L_CHECKSUM_SHA1, true)); +} + +#define add_test(name, func, data) l_test_add_data_func_precheck(name, data, \ + func, test_precheck, 0) int main(int argc, char *argv[]) { l_test_init(&argc, &argv); - if (!l_checksum_is_supported(L_CHECKSUM_SHA1, true)) { - printf("SHA1 support missing, skipping...\n"); - goto done; - } - - if (!l_cipher_is_supported(L_CIPHER_AES)) { - printf("AES support missing, skipping...\n"); - goto done; - } - - l_test_add("/Passphrase Generator/PSK Test Case 1", - psk_test, &psk_test_case_1); - l_test_add("/Passphrase Generator/PSK Test Case 2", - psk_test, &psk_test_case_2); - l_test_add("/Passphrase Generator/PSK Test Case 3", - psk_test, &psk_test_case_3); - - l_test_add("/PTK Derivation/PTK Test Case 1", - ptk_test, &ptk_test_1); - l_test_add("/PTK Derivation/PTK Test Case 2", - ptk_test, &ptk_test_2); - l_test_add("/PTK Derivation/PTK Test Case 3", - ptk_test, &ptk_test_3); - l_test_add("/PTK Derivation/PTK Test Case 4", - ptk_test, &ptk_test_4); - - l_test_add("/AES Key-wrap/Wrap & unwrap", - aes_wrap_test, NULL); - l_test_add("/AES-SIV", aes_siv_test, NULL); + add_test("/Passphrase Generator/PSK Test Case 1", + psk_test, &psk_test_case_1); + add_test("/Passphrase Generator/PSK Test Case 2", + psk_test, &psk_test_case_2); + add_test("/Passphrase Generator/PSK Test Case 3", + psk_test, &psk_test_case_3); + + add_test("/PTK Derivation/PTK Test Case 1", ptk_test, &ptk_test_1); + add_test("/PTK Derivation/PTK Test Case 2", ptk_test, &ptk_test_2); + add_test("/PTK Derivation/PTK Test Case 3", ptk_test, &ptk_test_3); + add_test("/PTK Derivation/PTK Test Case 4", ptk_test, &ptk_test_4); + + add_test("/AES Key-wrap/Wrap & unwrap", aes_wrap_test, NULL); + add_test("/AES-SIV", aes_siv_test, NULL); -done: return l_test_run(); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iwd-3.6/unit/test-dpp.c new/iwd-3.8/unit/test-dpp.c --- old/iwd-3.6/unit/test-dpp.c 2024-11-07 19:38:10.000000000 +0100 +++ new/iwd-3.8/unit/test-dpp.c 2025-05-07 13:59:43.000000000 +0200 @@ -116,6 +116,29 @@ }, }; +struct dpp_test_info duplicates[] = { + /* Duplicate key */ + { + .uri = "DPP:K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;", + .expect_fail = true + }, + /* Duplicate frequencies*/ + { + .uri = "DPP:C:81/1,115/36;C:81/1,115/36;;", + .expect_fail = true + }, + /* Duplicate MACs*/ + { + .uri = "DPP:M:5254005828e5;M:5254005828e5;;", + .expect_fail = true + }, + /* Duplicate versions */ + { + .uri = "DPP:V:2;V:2;;", + .expect_fail = true + }, +}; + static bool verify_info(const struct dpp_uri_info *parsed, const struct dpp_test_info *result) { @@ -158,6 +181,14 @@ test_uri_parse(&bad_channels[i]); } +static void test_duplicate_in_uri(const void *data) +{ + unsigned int i; + + for (i = 0; i < L_ARRAY_SIZE(duplicates); i++) + test_uri_parse(&duplicates[i]); +} + struct dpp_test_vector { /* Initiator values */ const char *i_proto_public; @@ -546,22 +577,25 @@ CHECK_FROM_STR(vector->v, tmp, 32); } +static bool test_precheck(const void *data) +{ + return (l_getrandom_is_supported() && + l_checksum_is_supported(L_CHECKSUM_SHA256, true)); +} + +#define add_test(name, func, data) l_test_add_data_func_precheck(name, data, \ + func, test_precheck, 0) + int main(int argc, char *argv[]) { l_test_init(&argc, &argv); - if (l_checksum_is_supported(L_CHECKSUM_SHA256, true) && - l_getrandom_is_supported()) { - l_test_add("DPP test responder-only key derivation", - test_key_derivation, - &responder_only_p256); - l_test_add("DPP test mutual key derivation", - test_key_derivation, - &mutual_p256); - l_test_add("DPP test PKEX key derivation", - test_pkex_key_derivation, - &pkex_vector); - } + add_test("DPP test responder-only key derivation", test_key_derivation, + &responder_only_p256); + add_test("DPP test mutual key derivation", test_key_derivation, + &mutual_p256); + add_test("DPP test PKEX key derivation", test_pkex_key_derivation, + &pkex_vector); l_test_add("DPP URI parse", test_uri_parse, &all_values); l_test_add("DPP URI no type", test_uri_parse, &no_type); @@ -576,6 +610,7 @@ l_test_add("DPP URI bad key", test_uri_parse, &bad_key); l_test_add("DPP URI bad channels", test_bad_channels, &bad_channels); l_test_add("DPP URI unexpected ID", test_uri_parse, &unexpected_id); + l_test_add("DPP URI duplicates", test_duplicate_in_uri, &duplicates); return l_test_run(); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iwd-3.6/unit/test-eap-mschapv2.c new/iwd-3.8/unit/test-eap-mschapv2.c --- old/iwd-3.6/unit/test-eap-mschapv2.c 2019-04-03 19:59:41.000000000 +0200 +++ new/iwd-3.8/unit/test-eap-mschapv2.c 2025-05-07 13:59:43.000000000 +0200 @@ -131,27 +131,23 @@ assert(!memcmp(msk, m_session_key, sizeof(m_session_key))); } +static bool test_precheck(const void *data) +{ + return l_checksum_is_supported(L_CHECKSUM_MD4, false); +} + +#define add_test(name, func) l_test_add_func_precheck(name, func, \ + test_precheck, 0) int main(int argc, char *argv[]) { l_test_init(&argc, &argv); - if (!l_checksum_is_supported(L_CHECKSUM_MD4, false)) { - printf("MD4 support missing, skipping...\n"); - goto done; - } - - l_test_add("MSHAPv2 nt_password-hash", - test_nt_password_hash, NULL); - l_test_add("MSHAPv2 generate_nt_response", - test_generate_nt_response, NULL); - l_test_add("MSHAPv2 get_master_key", - test_get_master_key, NULL); - l_test_add("MSHAPv2 get_asym_state_key", - test_get_asym_key, NULL); - l_test_add("MSHAPv2 authenticator_response", - test_authenticator_response, NULL); + add_test("MSHAPv2 nt_password-hash", test_nt_password_hash); + add_test("MSHAPv2 generate_nt_response", test_generate_nt_response); + add_test("MSHAPv2 get_master_key", test_get_master_key); + add_test("MSHAPv2 get_asym_state_key", test_get_asym_key); + add_test("MSHAPv2 authenticator_response", test_authenticator_response); -done: return l_test_run(); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iwd-3.6/unit/test-eapol.c new/iwd-3.8/unit/test-eapol.c --- old/iwd-3.6/unit/test-eapol.c 2024-11-25 19:05:53.000000000 +0100 +++ new/iwd-3.8/unit/test-eapol.c 2025-05-07 13:59:43.000000000 +0200 @@ -3908,6 +3908,38 @@ #define _IS_ENABLED2(one_or_two_args) _IS_ENABLED3(one_or_two_args true, false) #define _IS_ENABLED3(ignore_this, val, ...) val +static bool hash_precheck(const void *data) +{ + return (l_checksum_is_supported(L_CHECKSUM_MD5, true) && + l_checksum_is_supported(L_CHECKSUM_SHA1, true)); +} + +static bool aes_precheck(const void *data) +{ + return (l_cipher_is_supported(L_CIPHER_AES) && + l_checksum_is_supported(L_CHECKSUM_MD5, true) && + l_checksum_is_supported(L_CHECKSUM_SHA1, true)); +} + +static bool pkcs8_precheck(const void *data) +{ + return (IS_ENABLED(HAVE_PKCS8_SUPPORT) && + l_cipher_is_supported(L_CIPHER_AES) && + l_cipher_is_supported(L_CIPHER_AES_CBC) && + l_cipher_is_supported(L_CIPHER_DES3_EDE_CBC) && + l_checksum_is_supported(L_CHECKSUM_MD5, true) && + l_checksum_is_supported(L_CHECKSUM_SHA1, true) && + l_key_is_supported(L_KEY_FEATURE_CRYPTO) && + l_key_is_supported(L_KEY_FEATURE_RESTRICT)); +} + +#define add_hash_test(name, func, data) l_test_add_data_func_precheck(name, \ + data, func, hash_precheck, 0) +#define add_aes_test(name, func, data) l_test_add_data_func_precheck(name, \ + data, func, aes_precheck, 0) +#define add_pkcs8_test(name, func, data) l_test_add_data_func_precheck(name, \ + data, func, pkcs8_precheck, 0) + int main(int argc, char *argv[]) { l_test_init(&argc, &argv); @@ -3977,80 +4009,55 @@ l_test_add("/EAPoL Key/Key Frame 32", eapol_key_test, &eapol_key_test_32); - if (!l_checksum_is_supported(L_CHECKSUM_MD5, true) || - !l_checksum_is_supported(L_CHECKSUM_SHA1, true)) - goto done; - - l_test_add("/EAPoL Key/MIC Test 1", + add_hash_test("/EAPoL Key/MIC Test 1", eapol_key_mic_test, &eapol_key_mic_test_1); - l_test_add("/EAPoL Key/MIC Test 2", + add_hash_test("/EAPoL Key/MIC Test 2", eapol_key_mic_test, &eapol_key_mic_test_2); - - l_test_add("/EAPoL Key/Calculate MIC Test 1", + add_hash_test("/EAPoL Key/Calculate MIC Test 1", eapol_calculate_mic_test, &eapol_calculate_mic_test_1); - if (!l_cipher_is_supported(L_CIPHER_AES)) - goto done; - - l_test_add("EAPoL/WPA2 4-Way Handshake", - &eapol_4way_test, NULL); - - l_test_add("EAPoL/WPA2 4-Way & GTK Handshake", - &eapol_wpa2_handshake_test, NULL); - - l_test_add("EAPoL/WPA 4-Way & GTK Handshake", - &eapol_wpa_handshake_test, NULL); - - l_test_add("EAPoL/WPA2 PTK State Machine", &eapol_sm_test_ptk, NULL); - - l_test_add("EAPoL IGTK & 4-Way Handshake", - &eapol_sm_test_igtk, NULL); - - l_test_add("EAPoL/WPA2 PTK & GTK State Machine", - &eapol_sm_test_wpa2_ptk_gtk, NULL); - - l_test_add("EAPoL/WPA PTK & GTK State Machine Test 1", - &eapol_sm_test_wpa_ptk_gtk, NULL); - - l_test_add("EAPoL/WPA PTK & GTK State Machine Test 2", - &eapol_sm_test_wpa_ptk_gtk_2, NULL); - - l_test_add("EAPoL/WPA2 Retransmit Test", - &eapol_sm_wpa2_retransmit_test, NULL); - - if (IS_ENABLED(HAVE_PKCS8_SUPPORT) && - l_cipher_is_supported(L_CIPHER_DES3_EDE_CBC) && - l_cipher_is_supported(L_CIPHER_AES_CBC) && - l_key_is_supported(L_KEY_FEATURE_RESTRICT | - L_KEY_FEATURE_CRYPTO)) { - l_test_add("EAPoL/8021x EAP-TLS & 4-Way Handshake", - &eapol_sm_test_eap_tls, NULL); - - l_test_add("EAPoL/8021x EAP-TTLS+EAP-MD5 & 4-Way Handshake", - &eapol_sm_test_eap_ttls_md5, NULL); - l_test_add("EAPoL/8021x EAP NAK", - &eapol_sm_test_eap_nak, NULL); - - l_test_add("EAPoL/8021x EAP-TLS subject name match", - &eapol_sm_test_eap_tls_subject_good, NULL); - l_test_add("EAPoL/8021x EAP-TLS subject name mismatch", - &eapol_sm_test_eap_tls_subject_bad, NULL); - l_test_add("EAPoL/8021x EAP-TLS embedded certs", - &eapol_sm_test_eap_tls_embedded, NULL); - } - - l_test_add("EAPoL/FT-Using-PSK 4-Way Handshake", - &eapol_ft_handshake_test, NULL); - - l_test_add("EAPoL/Supplicant+Authenticator 4-Way Handshake", - &eapol_ap_sta_handshake_test, NULL); - l_test_add("EAPoL/Supplicant+Authenticator 4-Way Handshake Bad PSK", - &eapol_ap_sta_handshake_bad_psk_test, NULL); - l_test_add("EAPoL/Supplicant+Authenticator IP Allocation OK", - &eapol_ap_sta_handshake_ip_alloc_ok_test, NULL); - l_test_add("EAPoL/Supplicant+Authenticator IP Allocation no request", - &eapol_ap_sta_handshake_ip_alloc_no_req_test, NULL); + add_aes_test("EAPoL/WPA2 4-Way Handshake", + eapol_4way_test, NULL); + add_aes_test("EAPoL/WPA2 4-Way & GTK Handshake", + eapol_wpa2_handshake_test, NULL); + add_aes_test("EAPoL/WPA 4-Way & GTK Handshake", + eapol_wpa_handshake_test, NULL); + add_aes_test("EAPoL/WPA2 PTK State Machine", + eapol_sm_test_ptk, NULL); + add_aes_test("EAPoL IGTK & 4-Way Handshake", + eapol_sm_test_igtk, NULL); + add_aes_test("EAPoL/WPA2 PTK & GTK State Machine", + eapol_sm_test_wpa2_ptk_gtk, NULL); + add_aes_test("EAPoL/WPA PTK & GTK State Machine Test 1", + eapol_sm_test_wpa_ptk_gtk, NULL); + add_aes_test("EAPoL/WPA PTK & GTK State Machine Test 2", + eapol_sm_test_wpa_ptk_gtk_2, NULL); + add_aes_test("EAPoL/WPA2 Retransmit Test", + eapol_sm_wpa2_retransmit_test, NULL); + + add_pkcs8_test("EAPoL/8021x EAP-TLS & 4-Way Handshake", + eapol_sm_test_eap_tls, NULL); + add_pkcs8_test("EAPoL/8021x EAP-TTLS+EAP-MD5 & 4-Way Handshake", + eapol_sm_test_eap_ttls_md5, NULL); + add_pkcs8_test("EAPoL/8021x EAP NAK", + eapol_sm_test_eap_nak, NULL); + add_pkcs8_test("EAPoL/8021x EAP-TLS subject name match", + eapol_sm_test_eap_tls_subject_good, NULL); + add_pkcs8_test("EAPoL/8021x EAP-TLS subject name mismatch", + eapol_sm_test_eap_tls_subject_bad, NULL); + add_pkcs8_test("EAPoL/8021x EAP-TLS embedded certs", + eapol_sm_test_eap_tls_embedded, NULL); + + add_aes_test("EAPoL/FT-Using-PSK 4-Way Handshake", + eapol_ft_handshake_test, NULL); + add_aes_test("EAPoL/Supplicant+Authenticator 4-Way Handshake", + eapol_ap_sta_handshake_test, NULL); + add_aes_test("EAPoL/Supplicant+Authenticator 4-Way Handshake Bad PSK", + eapol_ap_sta_handshake_bad_psk_test, NULL); + add_aes_test("EAPoL/Supplicant+Authenticator IP Allocation OK", + eapol_ap_sta_handshake_ip_alloc_ok_test, NULL); + add_aes_test("EAPoL/Supplicant+Authenticator IP Allocation no request", + eapol_ap_sta_handshake_ip_alloc_no_req_test, NULL); -done: return l_test_run(); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iwd-3.6/unit/test-hmac-md5.c new/iwd-3.8/unit/test-hmac-md5.c --- old/iwd-3.6/unit/test-hmac-md5.c 2024-11-07 19:38:10.000000000 +0100 +++ new/iwd-3.8/unit/test-hmac-md5.c 2025-05-07 13:59:43.000000000 +0200 @@ -81,18 +81,20 @@ .hmac = "80070713463e7749b90c2dc24911e275", }; +static bool test_precheck(const void *data) +{ + return l_checksum_is_supported(L_CHECKSUM_MD5, true); +} + +#define add_test(name, func, data) l_test_add_data_func_precheck(name, data, \ + func, test_precheck, 0) + int main(int argc, char *argv[]) { l_test_init(&argc, &argv); - if (!l_checksum_is_supported(L_CHECKSUM_MD5, true)) { - printf("MD5 support missing, skipping...\n"); - goto done; - } - - l_test_add("/hmac-md5/Test case 1", hmac_test, &test_case_1); - l_test_add("/hmac-md5/Test case 2", hmac_test, &test_case_2); + add_test("/hmac-md5/Test case 1", hmac_test, &test_case_1); + add_test("/hmac-md5/Test case 2", hmac_test, &test_case_2); -done: return l_test_run(); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iwd-3.6/unit/test-hmac-sha1.c new/iwd-3.8/unit/test-hmac-sha1.c --- old/iwd-3.6/unit/test-hmac-sha1.c 2024-11-07 19:38:10.000000000 +0100 +++ new/iwd-3.8/unit/test-hmac-sha1.c 2025-05-07 13:59:43.000000000 +0200 @@ -81,18 +81,20 @@ .hmac = "de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9", }; +static bool test_precheck(const void *data) +{ + return l_checksum_is_supported(L_CHECKSUM_SHA1, true); +} + +#define add_test(name, func, data) l_test_add_data_func_precheck(name, data, \ + func, test_precheck, 0) + int main(int argc, char *argv[]) { l_test_init(&argc, &argv); - if (!l_checksum_is_supported(L_CHECKSUM_SHA1, true)) { - printf("SHA1 support missing, skipping...\n"); - goto done; - } - - l_test_add("/hmac-sha1/Test case 1", hmac_test, &test_case_1); - l_test_add("/hmac-sha1/Test case 2", hmac_test, &test_case_2); + add_test("/hmac-sha1/Test case 1", hmac_test, &test_case_1); + add_test("/hmac-sha1/Test case 2", hmac_test, &test_case_2); -done: return l_test_run(); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iwd-3.6/unit/test-hmac-sha256.c new/iwd-3.8/unit/test-hmac-sha256.c --- old/iwd-3.6/unit/test-hmac-sha256.c 2024-11-07 19:38:10.000000000 +0100 +++ new/iwd-3.8/unit/test-hmac-sha256.c 2025-05-07 13:59:43.000000000 +0200 @@ -83,18 +83,20 @@ "ef4d59a14946175997479dbc2d1a3cd8", }; +static bool test_precheck(const void *data) +{ + return l_checksum_is_supported(L_CHECKSUM_SHA256, true); +} + +#define add_test(name, func, data) l_test_add_data_func_precheck(name, data, \ + func, test_precheck, 0) + int main(int argc, char *argv[]) { l_test_init(&argc, &argv); - if (!l_checksum_is_supported(L_CHECKSUM_SHA256, true)) { - printf("SHA256 support missing, skipping...\n"); - goto done; - } - - l_test_add("/hmac-sha256/Test case 1", hmac_test, &test_case_1); - l_test_add("/hmac-sha256/Test case 2", hmac_test, &test_case_2); + add_test("/hmac-sha256/Test case 1", hmac_test, &test_case_1); + add_test("/hmac-sha256/Test case 2", hmac_test, &test_case_2); -done: return l_test_run(); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iwd-3.6/unit/test-kdf-sha256.c new/iwd-3.8/unit/test-kdf-sha256.c --- old/iwd-3.6/unit/test-kdf-sha256.c 2024-11-07 19:38:10.000000000 +0100 +++ new/iwd-3.8/unit/test-kdf-sha256.c 2025-05-07 13:59:43.000000000 +0200 @@ -81,17 +81,19 @@ "84f7d2291143d4d4", }; +static bool test_precheck(const void *data) +{ + return l_checksum_is_supported(L_CHECKSUM_SHA256, true); +} + +#define add_test(name, func, data) l_test_add_data_func_precheck(name, data, \ + func, test_precheck, 0) + int main(int argc, char *argv[]) { l_test_init(&argc, &argv); - if (!l_checksum_is_supported(L_CHECKSUM_SHA256, true)) { - printf("SHA256 support missing, skipping...\n"); - goto done; - } - - l_test_add("/kdf-sha256/Test case 1", kdf_test, &test_case_1); + add_test("/kdf-sha256/Test case 1", kdf_test, &test_case_1); -done: return l_test_run(); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iwd-3.6/unit/test-p2p.c new/iwd-3.8/unit/test-p2p.c --- old/iwd-3.6/unit/test-p2p.c 2019-11-27 23:09:49.000000000 +0100 +++ new/iwd-3.8/unit/test-p2p.c 2025-05-04 19:35:55.000000000 +0200 @@ -341,7 +341,7 @@ .group_caps = 0, }, .listen_channel = { - .country = "XX\x04", + .country = { 'X', 'X', '\x04' }, .oper_class = 81, .channel_num = 1, }, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iwd-3.6/unit/test-prf-sha1.c new/iwd-3.8/unit/test-prf-sha1.c --- old/iwd-3.6/unit/test-prf-sha1.c 2024-11-07 19:38:10.000000000 +0100 +++ new/iwd-3.8/unit/test-prf-sha1.c 2025-05-07 13:59:43.000000000 +0200 @@ -113,19 +113,21 @@ "f7b4abd43d87f0a68f1cbd9e2b6f7607", }; +static bool test_precheck(const void *data) +{ + return l_checksum_is_supported(L_CHECKSUM_SHA1, true); +} + +#define add_test(name, func, data) l_test_add_data_func_precheck(name, data, \ + func, test_precheck, 0) + int main(int argc, char *argv[]) { l_test_init(&argc, &argv); - if (!l_checksum_is_supported(L_CHECKSUM_SHA1, true)) { - printf("SHA1 support missing, skipping...\n"); - goto done; - } - - l_test_add("/prf-sha1/Test case 1", prf_test, &test_case_1); - l_test_add("/prf-sha1/Test case 2", prf_test, &test_case_2); - l_test_add("/prf-sha1/Test case 3", prf_test, &test_case_3); + add_test("/prf-sha1/Test case 1", prf_test, &test_case_1); + add_test("/prf-sha1/Test case 2", prf_test, &test_case_2); + add_test("/prf-sha1/Test case 3", prf_test, &test_case_3); -done: return l_test_run(); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iwd-3.6/unit/test-sae.c new/iwd-3.8/unit/test-sae.c --- old/iwd-3.6/unit/test-sae.c 2024-11-25 19:05:53.000000000 +0100 +++ new/iwd-3.8/unit/test-sae.c 2025-05-07 13:59:43.000000000 +0200 @@ -871,32 +871,29 @@ l_ecc_point_free(pt); } -int main(int argc, char *argv[]) +static bool test_precheck(const void *data) { - l_test_init(&argc, &argv); - - if (!l_getrandom_is_supported()) { - l_info("l_getrandom not supported, skipping..."); - goto done; - } + return (l_getrandom_is_supported() && + l_checksum_is_supported(L_CHECKSUM_SHA256, true)); +} - if (!l_checksum_is_supported(L_CHECKSUM_SHA256, true)) { - l_info("SHA256/HMAC_SHA256 not supported, skipping..."); - goto done; - } +#define add_test(name, func) l_test_add_func_precheck(name, func, \ + test_precheck, 0) - l_test_add("SAE anti-clogging", test_clogging, NULL); - l_test_add("SAE early confirm", test_early_confirm, NULL); - l_test_add("SAE reflection", test_reflection, NULL); - l_test_add("SAE malformed commit", test_malformed_commit, NULL); - l_test_add("SAE malformed confirm", test_malformed_confirm, NULL); - l_test_add("SAE bad group", test_bad_group, NULL); - l_test_add("SAE bad confirm", test_bad_confirm, NULL); - l_test_add("SAE confirm after accept", test_confirm_after_accept, NULL); - l_test_add("SAE end-to-end", test_end_to_end, NULL); +int main(int argc, char *argv[]) +{ + l_test_init(&argc, &argv); - l_test_add("SAE pt-pwe", test_pt_pwe, NULL); + add_test("SAE anti-clogging", test_clogging); + add_test("SAE early confirm", test_early_confirm); + add_test("SAE reflection", test_reflection); + add_test("SAE malformed commit", test_malformed_commit); + add_test("SAE malformed confirm", test_malformed_confirm); + add_test("SAE bad group", test_bad_group); + add_test("SAE bad confirm", test_bad_confirm); + add_test("SAE confirm after accept", test_confirm_after_accept); + add_test("SAE end-to-end", test_end_to_end); + add_test("SAE pt-pwe", test_pt_pwe); -done: return l_test_run(); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iwd-3.6/unit/test-storage.c new/iwd-3.8/unit/test-storage.c --- old/iwd-3.6/unit/test-storage.c 1970-01-01 01:00:00.000000000 +0100 +++ new/iwd-3.8/unit/test-storage.c 2025-05-07 13:59:43.000000000 +0200 @@ -0,0 +1,66 @@ +/* + * + * Wireless daemon for Linux + * + * Copyright (C) 2025 Locus Robotics. All rights reserved. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + * + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <assert.h> + +#include <ell/ell.h> + +#include "src/storage.h" + +static bool aes_ctr_supported(const void *data) +{ + return l_cipher_is_supported(L_CIPHER_AES_CTR); +} + +static void test_short_encrypted_bytes(const void *data) +{ + struct l_settings *settings = l_settings_new(); + bool changed; + int err; + + storage_init((const uint8_t *)"abc123", 6); + + l_settings_set_string(settings, "Security", "EncryptedSecurity", "012345"); + l_settings_set_string(settings, "Security", "EncryptedSalt", "012345"); + + err = __storage_decrypt(settings, "mySSID", &changed); + assert(err == -EBADMSG); + + l_settings_free(settings); + + storage_exit(); +} + +int main(int argc, char *argv[]) +{ + l_test_init(&argc, &argv); + + l_test_add_func_precheck("/storage/profile encryption", + test_short_encrypted_bytes, + aes_ctr_supported, 0); + + return l_test_run(); +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iwd-3.6/unit/test-wsc.c new/iwd-3.8/unit/test-wsc.c --- old/iwd-3.6/unit/test-wsc.c 2024-11-25 19:05:53.000000000 +0100 +++ new/iwd-3.8/unit/test-wsc.c 2025-05-07 13:59:43.000000000 +0200 @@ -2574,6 +2574,39 @@ .encryption_type = WSC_ENCRYPTION_TYPE_NONE, }; +static bool getrandom_precheck(const void *data) +{ + return l_getrandom_is_supported(); +} + +static bool aes_cbc_precheck(const void *data) +{ + return l_cipher_is_supported(L_CIPHER_AES_CBC); +} + +static bool key_crypto_precheck(const void *data) +{ + return (l_key_is_supported(L_KEY_FEATURE_CRYPTO) && + l_checksum_is_supported(L_CHECKSUM_SHA256, true)); +} + +static bool key_dh_precheck(const void *data) +{ + return (l_key_is_supported(L_KEY_FEATURE_DH) && + l_key_is_supported(L_KEY_FEATURE_CRYPTO) && + l_checksum_is_supported(L_CHECKSUM_SHA256, true)); +} + +#define add_aes_cbc_test(name, func, data) l_test_add_data_func_precheck(name, \ + data, func, \ + aes_cbc_precheck, 0) +#define add_crypto_test(name, func, data) l_test_add_data_func_precheck(name, \ + data, func, \ + key_crypto_precheck, 0) +#define add_dh_test(name, func, data) l_test_add_data_func_precheck(name, \ + data, func, \ + key_dh_precheck, 0) + int main(int argc, char *argv[]) { l_test_init(&argc, &argv); @@ -2595,8 +2628,8 @@ l_test_add("/wsc/pin/valid pin", wsc_test_pin_valid, NULL); l_test_add("/wsc/pin/valid checksum", wsc_test_pin_checksum, NULL); - if (l_getrandom_is_supported()) - l_test_add("/wsc/pin/generate", wsc_test_pin_generate, NULL); + l_test_add_func_precheck("/wsc/pin/generate", wsc_test_pin_generate, + getrandom_precheck, 0); l_test_add("/wsc/gen_uuid/1", wsc_test_uuid_from_addr, &uuid_from_addr_data_1); @@ -2607,96 +2640,77 @@ l_test_add("/wsc/build/m1 1", wsc_test_build_m1, &m1_data_1); l_test_add("/wsc/build/m1 2", wsc_test_build_m1, &m1_data_2); - if (!l_checksum_is_supported(L_CHECKSUM_SHA256, true)) { - printf("SHA256 support missing, skipping other tests...\n"); - goto done; - } - - if (!l_key_is_supported(L_KEY_FEATURE_CRYPTO)) { - printf("Key crypto not supported, skipping other tests...\n"); - goto done; - } - - if (l_key_is_supported(L_KEY_FEATURE_DH)) { - l_test_add("/wsc/parse/m2 1", wsc_test_parse_m2, &m2_data_1); - l_test_add("/wsc/parse/m2 2", wsc_test_parse_m2, &m2_data_2); - } - - l_test_add("/wsc/build/m2 1", wsc_test_build_m2, &m2_data_1); - - l_test_add("/wsc/parse/m3 1", wsc_test_parse_m3, &m3_data_1); - l_test_add("/wsc/build/m3 1", wsc_test_build_m3, &m3_data_1); - - l_test_add("/wsc/parse/m4 1", wsc_test_parse_m4, &m4_data_1); - l_test_add("/wsc/build/m4 1", wsc_test_build_m4, &m4_data_1); - - l_test_add("/wsc/parse/m4 encrypted settings 1", - wsc_test_parse_m4_encrypted_settings, - &m4_encrypted_settings_data_1); - l_test_add("/wsc/build/m4 encrypted settings 1", - wsc_test_build_m4_encrypted_settings, - &m4_encrypted_settings_data_1); - - l_test_add("/wsc/parse/m5 1", wsc_test_parse_m5, &m5_data_1); - l_test_add("/wsc/build/m5 1", wsc_test_build_m5, &m5_data_1); - - l_test_add("/wsc/parse/m6 1", wsc_test_parse_m6, &m6_data_1); - l_test_add("/wsc/build/m6 1", wsc_test_build_m6, &m6_data_1); - - l_test_add("/wsc/parse/m6 encrypted settings 1", - wsc_test_parse_m6_encrypted_settings, - &m6_encrypted_settings_data_1); - l_test_add("/wsc/build/m6 encrypted settings 1", - wsc_test_build_m6_encrypted_settings, - &m6_encrypted_settings_data_1); - - l_test_add("/wsc/parse/m7 1", wsc_test_parse_m7, &m7_data_1); - l_test_add("/wsc/build/m7 1", wsc_test_build_m7, &m7_data_1); - - l_test_add("/wsc/parse/m8 1", wsc_test_parse_m8, &m8_data_1); - l_test_add("/wsc/build/m8 1", wsc_test_build_m8, &m8_data_1); - - l_test_add("/wsc/parse/m8 encrypted settings 1", - wsc_test_parse_m8_encrypted_settings, - &m8_encrypted_settings_data_1); - l_test_add("/wsc/build/m8 encrypted settings 1", - wsc_test_build_m8_encrypted_settings, - &m8_encrypted_settings_data_1); + add_dh_test("/wsc/parse/m2 1", wsc_test_parse_m2, &m2_data_1); + add_dh_test("/wsc/parse/m2 2", wsc_test_parse_m2, &m2_data_2); + + add_crypto_test("/wsc/build/m2 1", wsc_test_build_m2, &m2_data_1); - l_test_add("/wsc/parse/wsc_done 1", wsc_test_parse_wsc_done, + add_crypto_test("/wsc/parse/m3 1", wsc_test_parse_m3, &m3_data_1); + add_crypto_test("/wsc/build/m3 1", wsc_test_build_m3, &m3_data_1); + + add_crypto_test("/wsc/parse/m4 1", wsc_test_parse_m4, &m4_data_1); + add_crypto_test("/wsc/build/m4 1", wsc_test_build_m4, &m4_data_1); + + add_crypto_test("/wsc/parse/m4 encrypted settings 1", + wsc_test_parse_m4_encrypted_settings, + &m4_encrypted_settings_data_1); + add_crypto_test("/wsc/build/m4 encrypted settings 1", + wsc_test_build_m4_encrypted_settings, + &m4_encrypted_settings_data_1); + + add_crypto_test("/wsc/parse/m5 1", wsc_test_parse_m5, &m5_data_1); + add_crypto_test("/wsc/build/m5 1", wsc_test_build_m5, &m5_data_1); + + add_crypto_test("/wsc/parse/m6 1", wsc_test_parse_m6, &m6_data_1); + add_crypto_test("/wsc/build/m6 1", wsc_test_build_m6, &m6_data_1); + + add_crypto_test("/wsc/parse/m6 encrypted settings 1", + wsc_test_parse_m6_encrypted_settings, + &m6_encrypted_settings_data_1); + add_crypto_test("/wsc/build/m6 encrypted settings 1", + wsc_test_build_m6_encrypted_settings, + &m6_encrypted_settings_data_1); + + add_crypto_test("/wsc/parse/m7 1", wsc_test_parse_m7, &m7_data_1); + add_crypto_test("/wsc/build/m7 1", wsc_test_build_m7, &m7_data_1); + + add_crypto_test("/wsc/parse/m8 1", wsc_test_parse_m8, &m8_data_1); + add_crypto_test("/wsc/build/m8 1", wsc_test_build_m8, &m8_data_1); + + add_crypto_test("/wsc/parse/m8 encrypted settings 1", + wsc_test_parse_m8_encrypted_settings, + &m8_encrypted_settings_data_1); + add_crypto_test("/wsc/build/m8 encrypted settings 1", + wsc_test_build_m8_encrypted_settings, + &m8_encrypted_settings_data_1); + + add_crypto_test("/wsc/parse/wsc_done 1", wsc_test_parse_wsc_done, &wsc_done_data_1); - l_test_add("/wsc/build/wsc_done 1", wsc_test_build_wsc_done, + add_crypto_test("/wsc/build/wsc_done 1", wsc_test_build_wsc_done, &wsc_done_data_1); - if (!l_key_is_supported(L_KEY_FEATURE_DH)) - goto done; - - l_test_add("/wsc/diffie-hellman/generate pubkey 1", + add_dh_test("/wsc/diffie-hellman/generate pubkey 1", wsc_test_dh_generate_pubkey, &dh_generate_pubkey_test_data_1); - l_test_add("/wsc/diffie-hellman/generate pubkey 2", + add_dh_test("/wsc/diffie-hellman/generate pubkey 2", wsc_test_dh_generate_pubkey, &dh_generate_pubkey_test_data_2); - if (!l_cipher_is_supported(L_CIPHER_AES_CBC)) - goto done; - - l_test_add("/wsc/handshake/PBC Handshake Test", + add_aes_cbc_test("/wsc/handshake/PBC Handshake Test", wsc_test_pbc_handshake, NULL); - l_test_add("/wsc/retransmission/no fragmentation", + add_aes_cbc_test("/wsc/retransmission/no fragmentation", wsc_test_retransmission_no_fragmentation, NULL); - l_test_add("/wsc-r/handshake/PBC Handshake WPA2 passphrase test", - wsc_r_test_pbc_handshake, - &wsc_r_test_wpa2_cred_passphrase); - l_test_add("/wsc-r/handshake/PBC Handshake WPA2 PSK test", - wsc_r_test_pbc_handshake, - &wsc_r_test_wpa2_cred_psk); - l_test_add("/wsc-r/handshake/PBC Handshake Open test", - wsc_r_test_pbc_handshake, - &wsc_r_test_open_cred); + add_aes_cbc_test("/wsc-r/handshake/PBC Handshake WPA2 passphrase test", + wsc_r_test_pbc_handshake, + &wsc_r_test_wpa2_cred_passphrase); + add_aes_cbc_test("/wsc-r/handshake/PBC Handshake WPA2 PSK test", + wsc_r_test_pbc_handshake, + &wsc_r_test_wpa2_cred_psk); + add_aes_cbc_test("/wsc-r/handshake/PBC Handshake Open test", + wsc_r_test_pbc_handshake, + &wsc_r_test_open_cred); -done: return l_test_run(); } ++++++ iwd-dbus_policy.patch ++++++ From: Luigi Baldoni <aloi...@gmx.com> Date: 2025-06-07 05:54:10 +0000 References: https://bugzilla.suse.com/show_bug.cgi?id=1244137 Resolve a number of errors pointed out by rpmlint. ``` iwd.x86_64: E: dbus-policy-allow-without-destination <allow send_interface="net.connman.iwd.Agent"/> /usr/share/dbus-1/system.d/iwd-dbus.conf iwd.x86_64: E: dbus-policy-allow-without-destination <allow send_interface="net.connman.iwd.SignalLevelAgent"/> /usr/share/dbus-1/system.d/iwd-dbus.conf iwd.x86_64: E: dbus-policy-allow-without-destination <allow send_interface="net.connman.iwd.SharedCodeAgent"/> /usr/share/dbus-1/system.d/iwd-dbus.conf 'allow' directives must always specify a 'send_destination'. ``` Index: iwd-3.8/src/iwd-dbus.conf =================================================================== --- iwd-3.8.orig/src/iwd-dbus.conf +++ iwd-3.8/src/iwd-dbus.conf @@ -10,9 +10,9 @@ <policy user="root"> <allow own="net.connman.iwd"/> <allow send_destination="net.connman.iwd"/> - <allow send_interface="net.connman.iwd.Agent"/> - <allow send_interface="net.connman.iwd.SignalLevelAgent"/> - <allow send_interface="net.connman.iwd.SharedCodeAgent"/> + <allow send_interface="net.connman.iwd.Agent" send_destination="net.connman.iwd"/> + <allow send_interface="net.connman.iwd.SignalLevelAgent" send_destination="net.connman.iwd"/> + <allow send_interface="net.connman.iwd.SharedCodeAgent" send_destination="net.connman.iwd"/> </policy> <policy group="wheel">
